Navigating the complex landscape of healthcare technology can feel like a constant battle, especially when it comes to accessing and sharing patient data. Many healthcare providers struggle with electronic health record (EHR) systems that, despite their promises of efficiency, sometimes hinder the free flow of information. This isn’t just an inconvenience; it can actively impede patient care, delay diagnoses, and complicate transitions of care between facilities.
The issue often stems from “vendor lock-in,” where providers find themselves tied to specific systems due to difficulties in exporting data or integrating with other platforms. This challenge directly impacts data portability, making it tough to switch vendors or share information seamlessly across different health systems, whether that is a small clinic running athenahealth or a large hospital with a complex Epic implementation. It’s a critical barrier to true interoperability.
Recognizing these systemic issues, The HIT Community has long championed open data exchange and provider education. We understand the frustrations and have dedicated our efforts to providing clarity and practical strategies. Our national online community and knowledge network offers resources designed to empower healthcare professionals to overcome these hurdles, ensuring that patient data remains accessible and usable across the care continuum. Understanding health information blocking rules is paramount to achieving this.
What is information blocking in healthcare?
Information blocking in healthcare refers to practices that unreasonably interfere with the access, exchange, or use of electronic health information (EHI). These practices can come from various actors, including health IT developers, health information networks or exchanges, and healthcare providers themselves. The 21st Century Cures Act aims to eliminate these barriers to promote seamless data flow for improved patient care.
Simply put, information blocking is when someone intentionally prevents legitimate access to electronic health information. This isn’t about protecting patient privacy, which is handled by HIPAA; it’s about business practices that restrict data flow. For instance, if a vendor makes it excessively difficult or expensive for a hospital to export its patient data when switching EHRs, that could be considered information blocking. The goal of the federal government, particularly through the Office of the National Coordinator for Health Information Technology (ONC), is to ensure that EHI follows the patient, regardless of where they receive care. This is crucial for care coordination, public health, and patient engagement, allowing patients to view their records through portals like a UW Health MyChart or IU Health portal.

How does the 21st Century Cures Act address information blocking?
The 21st Century Cures Act mandates specific provisions to prevent information blocking, holding health IT actors accountable. It empowers the ONC to investigate claims and impose penalties, creating a framework where the default is data sharing, not restriction. The Act aims to foster innovation and competition by making health information more accessible.
Signed into law in 2016, the Cures Act is a landmark piece of legislation. It didn’t just encourage interoperability; it legislated it. A core component is Section 4004, which explicitly prohibits information blocking. This was a direct response to widespread concerns among providers and patients about difficulties in accessing and sharing electronic health information. The ONC’s Cures Act Final Rule, which took effect in phases, defines what constitutes information blocking and outlines seven specific exceptions where certain practices are permissible. These rules directly influence how EHR vendors like Epic, Cerner, and athenahealth design their systems and service agreements, impacting everything from API access for third-party apps to how easily a walk-in clinic can share patient summaries with a larger hospital system.
“The 21st Century Cures Act and its accompanying information blocking regulations are transformative. They establish a clear expectation that electronic health information should flow freely to improve patient care, foster innovation, and empower individuals.”
— Office of the National Coordinator for Health Information Technology (ONC)
What are the information blocking exceptions?
The Cures Act bans information blocking with a few exceptions. These exceptions outline legitimate reasons why an actor might not provide immediate access, exchange, or use of EHI. They fall into two main categories: those that permit practices that prevent harm or promote privacy, and those that permit practices that advance health IT performance or recover reasonable costs.
Understanding these exceptions is crucial for any healthcare provider or health IT vendor. They aren’t loopholes but rather carefully defined circumstances under which restricting EHI access is permissible without incurring penalties. Robert Claudio has extensively covered these nuances in our discussions on compliance, emphasizing how these exceptions reflect real-world operational challenges. For instance, an exception exists for preventing harm, meaning if sharing information could reasonably endanger a patient or another person, it may be withheld. Similarly, the privacy exception aligns with HIPAA, allowing withholding if privacy is genuinely threatened. We often explore these scenarios in our Massachusetts-specific training programs, where local providers analyze how these rules apply to their day-to-day operations and regional health information exchange. This is part of a broader effort to ensure ethical data practices while building truly interoperable health information systems with FHIR standards, as we discuss in our detailed guide on FHIR Standards Explained: Building Interoperable Health Information Systems.
The seven categories of exceptions are:
- Preventing Harm Exception: Allows denial of access if it prevents physical harm to a patient or another person.
- Privacy Exception: Protects patient privacy in alignment with HIPAA.
- Security Exception: Allows denial if needed to protect the security of EHI.
- Infeasibility Exception: Covers situations where fulfilling a request is genuinely impossible.
- Health IT Performance Exception: Permits denial if it would substantially degrade health IT performance.
- Content and Manner Exception: Allows limiting access to certain content or modifying the manner of response.
- Fees Exception: Permits charging reasonable, cost-based fees for EHI access.
Each exception has strict conditions and limitations that must be met. For example, the Fees Exception only allows recovery of direct costs, not profit generation. The ONC actively enforces these rules, and alleged instances of a data breach or systematic denial of access could lead to significant investigations and penalties.

What are some common information blocking examples?
Information blocking manifests in various ways, often through contractual terms, technological limitations, or even organizational policies. These practices hinder seamless data exchange, impacting patient care, research, and public health initiatives. Recognizing these examples helps providers identify and report potential violations.
In our experience, having dealt with challenges from major EHR platforms like Epic and Cerner to more nimble solutions such as athenahealth, we’ve seen several recurring patterns. Many involve subtle but effective barriers to data portability. For example, a common issue is when a vendor charges exorbitant fees for exporting data in a usable format, effectively holding a practice’s data hostage. Another example is designing an EHR system where critical data elements are locked into proprietary formats that are difficult for other systems to ingest, limiting true interoperability even if an API exists. We’ve also seen instances where health information networks refuse to connect with certain providers or systems without justification, or where a healthcare provider denies a patient access to their own electronic health information, despite a legitimate request through a patient portal like a Sutter Health login or Trinity Health MyChart. These aren’t always malicious acts, but their impact is the same: fragmented patient data.
“The impact of information blocking extends beyond individual patient care, undermining broader public health efforts and the potential for health IT to drive innovation and efficiency across the healthcare system.”
Practical Tips for Navigating Information Blocking and Enhancing Data Portability
Addressing vendor lock-in and ensuring data portability requires proactive planning and a clear understanding of your rights and responsibilities under the Cures Act. Here are some actionable steps healthcare organizations can take:
- Review Vendor Contracts Closely: Before signing, scrutinize clauses related to data export, API access, and interoperability. Look for hidden fees or restrictions on data use. Ensure the contract explicitly supports your right to access and share EHI as permitted by law.
- Demand Open APIs: Advocate for EHR systems that offer robust, standards-based APIs for data exchange. This is critical for integrating with third-party applications and achieving true interoperability, as we emphasize in our guidance on using clinical integration tools like Nuance for automated documentation.
- Understand the ONC Final Rule: Familiarize your team with the details of the Cures Act Information Blocking Final Rule and its exceptions. Knowing your rights and the vendor’s obligations is your first line of defense.
- Plan for Data Migration: If you anticipate switching EHR vendors, develop a comprehensive data migration strategy early. Test data export capabilities and formats to ensure data integrity and usability with the new system. Our work with providers transitioning from smaller systems to larger ones, including major EHR platforms like Epic, has shown this preparation is key.
- Utilize Patient Portals: Encourage patients to use secure patient portals to access their EHI. Empowering patients with direct access can sometimes bypass organizational data exchange hurdles. This can also help reduce no-shows, a metric we’ve seen improve with systems like Doxy.me.
- Report Suspected Information Blocking: If you believe an actor is engaging in information blocking without a valid exception, report it to the ONC. These reports are crucial for enforcement and maintaining accountability within the health IT ecosystem.
Overcoming the challenges of information blocking and achieving true data portability isn’t just about compliance; it’s about delivering better patient care. By understanding the regulations, advocating for open systems, and empowering both providers and patients, we can move closer to a healthcare system where information flows freely, exactly when and where it’s needed. The journey towards comprehensive interoperability is ongoing, but with concerted effort and a shared commitment to patient-centered care, we can build a more connected and efficient future for healthcare IT.
